CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9858 – Insecure user permissions in Google Cloud Migrate to Containers for Windows
https://notcve.org/view.php?id=CVE-2024-9858
There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local "m2cuser" was greated with administrator privileges. This posed a security risk if the "analyze" or "generate" commands were interrupted or skipping the action to delete the local user “m2cuser”. We recommend upgrading to 1.2.3 or beyond Existe un permiso de usuario predeterminado inseguro en las instalaciones de Google Cloud Migrate to Containers desde la versión 1.1.0 a la 1.2.2 de Windows. Se otorgaron privilegios de administrador a un "m2cuser" local. • https://cloud.google.com/migrate/containers/docs/m2c-cli-relnotes#october_8_2024 • CWE-276: Incorrect Default Permissions •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2024-5166 – Insecure Direct Object Reference In Looker
https://notcve.org/view.php?id=CVE-2024-5166
An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model. Una referencia de objeto directa insegura en Looker de Google Cloud permitió la exposición de metadatos entre usuarios autenticados de Looker que compartían el mismo modelo LookML. • https://cloud.google.com/looker/docs/best-practices/query-id-update-instructions • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32777 – WordPress BizPrint plugin <= 4.3.39 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32777
Missing Authorization vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint.This issue affects BizPrint: from n/a through 4.3.39. Vulnerabilidad de autorización faltante en BizSwoop de CPF Concepts, LLC Brand BizPrint. Este problema afecta a BizPrint: desde n/a hasta 4.3.39. The BizPrint plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showTemplatePreview() function in versions up to, and including, 4.3.39. This makes it possible for unauthenticated attackers to preview templates. • https://patchstack.com/database/vulnerability/print-google-cloud-print-gcp-woocommerce/wordpress-bizprint-plugin-4-3-39-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29773 – WordPress BizPrint plugin <= 4.5.5 - CSRF to XSS vulnerability
https://notcve.org/view.php?id=CVE-2024-29773
Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint allows Cross-Site Scripting (XSS).This issue affects BizPrint: from n/a through 4.5.5. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en BizSwoop a CPF Concepts, LLC Brand BizPrint permite cross-site scripting (XSS). Este problema afecta a BizPrint: desde n/a hasta 4.5.5. The BizPrint plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.5. This is due to missing or incorrect nonce validation in the process.php file. • https://patchstack.com/database/vulnerability/print-google-cloud-print-gcp-woocommerce/wordpress-bizprint-plugin-4-5-5-csrf-to-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •